Managing your passwords (with a little help)

LastPass – How it can help you be more secure on the web

With all the web-based applications and services (call it the cloud if you want) we use today, it has become a nightmare to manage all the usernames and passwords required to access each of these services. I use 2-factor authentication (Google Authenticator) with LastPass to secure my LastPass account (other products are available, but I personally use LastPass because it’s free and it works).

What is LastPass and why do I use it anyway?

At its core, LastPass is simply an internet browser add-on or plug-in that replaces your browser’s own password manager (where your internet passwords are saved). You may be wondering: if a web browser has this facility built in, why would you use a 3rd party add-on? Well, what most people don’t realise is that many browser password managers are VERY insecure. Someone could log on to your PC (your wife, husband, co-worker, employee etc.), run some freely available software tools on your machine and pull out all of your saved passwords. A malware infection could also do something similar. Pretty scary stuff! This is where something like LastPass steps in: it replaces the browser’s own password manager with one that uses stronger, industry-standard encryption, making your password store much, much harder to break open.

So that’s all well and good, but now you are probably going to tell me you don’t save your passwords anyway, aren’t you? In which case you probably use the same password on lots and lots of different sites, don’t you? Until the recent Sony PlayStation Network hacking issues, I too was guilty of this to an extent. What happens when one of the sites that you use the same password on gets hacked and someone then has access to all of your accounts? Well, I use the following technique, which leverages the true advantage of using a browser password manager: not needing to remember passwords!

No Memory Required

As LastPass will automatically fill your login information into websites for you, it doesn’t matter if you can’t remember what your password is. You don’t need to remember it! As long as you can access your LastPass account, you’re all set! What this means is you can set a secure, unique password for each site or online service you use. If one site does get hacked, you have minimised your exposure, as the password is not used anywhere else in the known universe and all your other accounts are safe. Even better, you can use a password that minimises the chances that they can break it in the first place by using the maximum password length the site will accept. For example, where possible all my passwords are 20 characters long and contain upper-case and lower-case letters, numbers AND symbols, adding further protection.

You may think all of the above is nonsense, but until I started auditing my password use I never realised how sloppy I had got. LastPass is now protecting 213 unique username and password combinations for different web-based services I use, and this number is growing every day. I think it’s something that you should all look at, as you might be surprised just how sloppy you have got too! It’s easily corrected, and currently it doesn’t cost you anything but time.
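The kind of audit described above can be sketched in a few lines. This is an added example, not code from the original post or from LastPass: it flags passwords reused across sites and passwords short of the 20-character, four-class pattern, then generates a replacement capped at a site's maximum length. The function names, the symbol set and the sample entries are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

# Four character classes; the exact symbol set is an assumption.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+[]{}")


def meets_policy(password, min_length=20):
    """True if the password is long enough and uses every character class."""
    return len(password) >= min_length and all(
        any(ch in cls for ch in password) for cls in CLASSES)


def generate(length=20, site_max=None):
    """Random password using all four classes, capped at the site's maximum."""
    if site_max is not None:
        length = min(length, site_max)
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the OS CSPRNG; retry until every class appears.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate, length):
            return candidate


def audit(entries, min_length=20):
    """Return (reused, weak): groups of sites sharing a password, sites below policy."""
    by_password = defaultdict(list)
    for site, password in entries:
        by_password[password].append(site)
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    weak = sorted(site for site, pw in entries if not meets_policy(pw, min_length))
    return reused, weak


# Constructed sample entries (site, password); not real credentials.
SAMPLE = [
    ("shop.example", "Summer2011"),
    ("forum.example", "Summer2011"),
    ("games.example", "Summer2011"),
    ("bank.example", "kT7#vQ2m!Lx9@Rw4&Zp6"),
    ("mail.example", "correcthorsebatterystaple"),
]

if __name__ == "__main__":
    reused, weak = audit(SAMPLE)
    print("reused across:", reused)
    print("below policy:", weak)
    print("replacement:", generate())
```

Any real export of saved passwords is plaintext, so an audit like this belongs on a trusted machine and the export file should be deleted afterwards.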

(I must also mention I have no commercial or personal interest in LastPass or the company that owns it; I just think it’s a great idea.)